In this role, you will focus on developing and executing threat hunting operations to discover adversary activities that are not detected through traditional detection capabilities. You will be able to leverage first class security partners and threat intelligence teams to derive and hunt on known indicators of compromise, as well as developing strategies for discovering new techniques used by adversaries.

For greatest impact, you will develop and automate your hunt methodologies and findings to operationalize the capability across the Security Operations Center (SOC). Extending beyond the traditional blue team role, you will engage red teams and participate in purple team exercises that will build your perspective of the adversarial mindset as well as identify new techniques that need to be hunted. Finally, you will play a critical role in the continuous monitoring and response to major Incidents affecting the enterprise.

• Develop, document, and execute threat hunting operations to detect known adversary TTPs.
• Perform threat hunting operations across numerous data sets and security products to identify new and emerging adversary TTPs.
• Build and deploy automation and tools that enable hunting methodologies, investigation techniques, data enrichment, and workflow efficiencies. Operationalize these capabilities across the SOC.
• Document and communicate hunt methodologies and findings. Provide metrics to measure the impact of hunting operations.
• Collaborate with internal security partners, red teams, and threat intelligence teams to identify, prioritize, and research threat actor behaviors.
• Detect and respond to advanced threats, actor techniques, anomalous or suspicious activity, combined with intelligence, to identify potential and active risks to systems and data
• Provide investigations, response, and root cause analysis to major incidents affecting the enterprise

Requirements

Requirements:

• Must have strong verbal and written communication skills; ability to communicate effectively to internal and external business partners as well as technical, and non-technical staff
• Demonstrated enthusiasm for learning new things and ability to pick up new ideas quickly
• Participate in current operations shifts, on call rotation, and focus area rotations
• Demonstrated knowledge of common/emerging attacks techniques.
• Experience developing on Azure PaaS technologies such as; Functions (and Durable Functions), Storage (blob, table, queues) and Logic Apps
• Experience correlating across very large and diverse datasets (Azure Data Lake, Azure Data Explorer, Cosmos DB).
• Experience in analyzing a wide variety of network and host security logs to detect and resolve security issues
• Understanding of common threat analysis model’s such as the Diamond Model, Cyber Kill Chain, and MITRE ATT&CK
• Deep understanding of system internals on MacOS, Windows, and Linux
• Background in malware analysis
• Experience working within a diverse organization to gain support for your ideas; Seeks to leverage work of others to increase effectiveness
• Ability to effectively multi-task and prioritize in a fast-paced environment
• Demonstrates maturity and leadership qualities when dealing with conflicting views and difficult conversations

The ideal candidate will have experience in a team environment, experience in a Security Operations Center or equivalent experience in enterprise scale services and platforms, experience in development of security tools and automated investigations to support hunting operations, technical depth in highly dynamic, complex environment.